'Trojan Horse' Bug Lurking in Vital US Computers Since 2011
U.S. officials believe infrastructure computer hack sponsored by Russia.
By JACK CLOHERTY and PIERRE THOMAS
November 6, 2014, 7:13 PM
• 3 min read
-- A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security.
National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.
The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.
DHS said in a bulletin that the hacking campaign has been ongoing since 2011, but no attempt has been made to activate the malware to “damage, modify, or otherwise disrupt” the industrial control process. So while U.S. officials recently became aware the penetration, they don’t know where or when it may be unleashed.
DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.
The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies.
DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year. “Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said.
The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone, sources said. The software allows information sharing and collaborative control.